When you change objects in a microflow, you do this as ‘system’ instead of using the actual account's access rules as stated in the entity access rules.
If you DO want to have the flows respect those access rules that you set in your domain model, then you can use ‘Apply Entity Access’. (Every subflow will have to adhere to this as well.)
https://docs.mendix.com/refguide/microflow#5-security-properties
In general, ‘Apply Entity Access’ is not used all that often. There are good use cases for it, but your main bet is to just make sure that your microflow is not setting values that you don't want to set.
In this case, you want to generate the attribute, and not have a user be able to edit it.
Then all you need is a microflow to set the attribute and an access rule for the specific user role to view the attribute on a page etc.